Linux Network configuration

Configuration of networking and security on different Linux distros

Fedora - Network configuration
Author: al - Last updated: 2009-04-21 16:14:28 - Created: 2004-09-10 19:22:36
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

Network configuration on Fedora is quite similar to that of other versions of Red Hat Linux: besides the standard files, the main configuration is done in /etc/sysconfig/network, where the hostname is defined and the default gateway can be placed, and in the files of the /etc/sysconfig/network-scripts/ directory.

The TCP/IP network setup is done by the script /etc/init.d/network, which obviously must be started before the other network services on a connected machine.
The official graphical configuration tool is system-config-network (menu System Settings - Network); from here it is possible to define the IP parameters of all the interfaces found on the system (tab Devices, which modifies the /etc/sysconfig/network-scripts/ifcfg-interface and /etc/sysconfig/networking/devices/ifcfg-interface files), the IP addresses of the DNS servers (tab DNS, which modifies /etc/resolv.conf) and the static host-IP assignments (tab Hosts, which modifies /etc/hosts).
Fedora also supports user profiles with different network settings. The Network Configuration tool easily lets the user define a profile and its parameters; the relevant system files are placed in the directory /etc/sysconfig/networking/profiles/profilename/. Currently Fedora does not allow choosing a profile at boot time: when the machine starts the default "Common" profile is used; to switch to a custom one either launch the system-config-network graphical tool and select your profile, or type system-config-network-cmd -p profilename --activate.
RedHat provides other network configuration tools:
netconfig is an old text-mode configuration tool, obsolete but still usable for a quick configuration;
system-config-network-tui is the text version of the graphical Network Configuration Tool;
system-config-network-druid (menu System Tools - Internet Configuration Wizard) is a guided wizard that helps with the configuration of Ethernet, modem, ISDN, DSL and wireless connections.

Firewall configuration
Red Hat stores the firewall configuration in the /etc/sysconfig/iptables file, which is formatted so that it can be loaded by the iptables-restore command. Firewalling is managed with the /etc/init.d/iptables script, which accepts arguments such as start to activate firewalling, stop to disable it, panic to shut down any Internet access, and status to view the current iptables rules.
A simple but not very flexible configuration tool is system-config-firewall, which is adequate for a desktop machine but certainly not for a router/firewall.

Suse 9: Network configuration
Author: al - Last updated: 2004-01-14 19:59:31 - Created: 2004-01-14 19:59:31
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

Network configuration on Suse has substantially evolved since version 8.0 and resembles the one found in various other Linux distributions.
As usual YaST2 can be used to fully configure network devices and TCP/IP settings; since we presume you already know how to do that with a graphical interface, let's look more closely at the files involved.

Configuration files
/etc/sysconfig/network/ifcfg-*
These are the system's configuration files for every network interface, where "*" can be the name of the interface (eth0, eth1, lo, ppp0...), its MAC address (e.g. 00c09f2dc8a4) or an indication of the hardware used (usb, pcmcia).
The main parameters used in these files are:
BOOTPROTO - Can be static (IP configured manually) or dhcp (IP obtained through DHCP)
IPADDR BROADCAST NETMASK NETWORK - Define the typical IP parameters: IP address, broadcast, netmask and network address
MTU - Defines the Maximum Transmission Unit (the maximum size of an IP packet on the link). The default on Ethernet devices is 1500.
STARTMODE - Indicates when to activate the interface: onboot (at system boot), hotplug (when a pluggable network device is inserted), manual (manually).
Other parameters can be used and can vary according to the interface type.

/etc/sysconfig/network/config
Contains various, well commented, variables that apply to every interface; they also include the actions to take when an interface's status changes. The same values can be specified in the single /etc/sysconfig/network/ifcfg-* files, for more granular control over individual interfaces.
/etc/sysconfig/network/dhcp, similarly, sets parameters related to DHCP use (logging, lease time, timeouts, modification of system settings, wait time at boot and so on).
/etc/sysconfig/network/wireless sets and describes the various parameters that can be applied to wireless devices (wireless mode, ESSID, frequency, sensitivity, encryption key...). As usual they can be used in the ifcfg files of the single wireless devices, but it is useful to know the options that can be used.

/etc/sysconfig/network/routes
Defines all the (general) static routes. It's possible to specify routes exclusively related to the activation of single interfaces with the files /etc/sysconfig/network/ifroute-interface.
The format of this file is:
DESTINATION  GATEWAY  NETMASK|PREFIX INTERFACE [TYPE] [OPTIONS]
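
As an added example (not part of the original infobox), here is a small POSIX shell script that turns lines in this routes format into the equivalent ip route add commands, printing them rather than executing them so the result can be reviewed before it is applied. The sample routes are constructed; the handling of "-" as a placeholder for an unused field and of a bare prefix length in the third column are assumptions about the SuSE format, not something this page states.

```shell
#!/bin/sh
# Constructed sample of a /etc/sysconfig/network/routes file in the format
# described above (DESTINATION GATEWAY NETMASK|PREFIX INTERFACE).  Using "-"
# for an unused field is assumed to follow SuSE convention.
ROUTES_SAMPLE='# default route via the router
default 192.168.1.1 - -
10.10.0.0 192.168.1.254 255.255.0.0 eth0
172.16.5.0/24 - - eth1'

# mask_to_prefix NETMASK: print the prefix length of a dotted-quad netmask;
# fail on a malformed or non-contiguous mask.
mask_to_prefix() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    prefix=0
    seen_partial=0
    for octet in "$@"; do
        # Once an octet below 255 has appeared, only zeros may follow.
        if [ "$seen_partial" -eq 1 ] && [ "$octet" != 0 ]; then
            return 1
        fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); seen_partial=1 ;;
            252) prefix=$((prefix + 6)); seen_partial=1 ;;
            248) prefix=$((prefix + 5)); seen_partial=1 ;;
            240) prefix=$((prefix + 4)); seen_partial=1 ;;
            224) prefix=$((prefix + 3)); seen_partial=1 ;;
            192) prefix=$((prefix + 2)); seen_partial=1 ;;
            128) prefix=$((prefix + 1)); seen_partial=1 ;;
            0)   seen_partial=1 ;;
            *)   return 1 ;;
        esac
    done
    printf '%s' "$prefix"
}

# route_to_ip_cmd DESTINATION GATEWAY NETMASK|PREFIX INTERFACE:
# print the equivalent "ip route add" command (nothing is executed).
route_to_ip_cmd() {
    dest=$1
    gw=$2
    mask=$3
    dev=$4
    case $dest in
        default|*/*) net=$dest ;;
        *)
            if [ -z "$mask" ] || [ "$mask" = "-" ]; then
                net=$dest
            else
                case $mask in
                    *[!0-9]*) net="$dest/$(mask_to_prefix "$mask")" || return 1 ;;
                    *)        net="$dest/$mask" ;;
                esac
            fi ;;
    esac
    cmd="ip route add $net"
    if [ -n "$gw" ] && [ "$gw" != "-" ]; then cmd="$cmd via $gw"; fi
    if [ -n "$dev" ] && [ "$dev" != "-" ]; then cmd="$cmd dev $dev"; fi
    printf '%s\n' "$cmd"
}

# routes_to_ip_cmds: read a routes file on stdin, skip blank and comment
# lines, print one "ip route add" command per route.
routes_to_ip_cmds() {
    while read -r dest gw mask dev _rest; do
        case $dest in ''|'#'*) continue ;; esac
        route_to_ip_cmd "$dest" "$gw" "$mask" "$dev"
    done
}

printf '%s\n' "$ROUTES_SAMPLE" | routes_to_ip_cmds
```

On a real SuSE box the last line would read the file instead: routes_to_ip_cmds < /etc/sysconfig/network/routes. Keeping the output as text rather than piping it into sh is deliberate: a typo in the routes file (a non-contiguous netmask, a misplaced column) then shows up as a rejected line or an odd command rather than as a silently wrong route.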


/etc/resolv.conf
Defines, as in most Unixes, the address of the DNS server to be used by the system.
Some services (pppd, ipppd, dhcpclient, hotplug, pcmcia, pptpclient) can temporarily modify this file in order to use, according to the new connection established, the appropriate DNS server. This is done by Suse's nice shell script /sbin/modify_resolvconf which has various options to handle and manage different dynamic entries in /etc/resolv.conf and /etc/named.conf.

/etc/hosts
As in most Unixes, in this file you can statically assign IP addresses to host names. You can also use /etc/networks for IP networks. The resolver by default first checks this file, before querying the DNS servers in /etc/resolv.conf. This order and other settings about how the system assigns names to resources can be changed (as in every Linux) in /etc/host.conf (old configuration file used by libc4 and libc5 linked programs) or /etc/nsswitch.conf (used by every recent program linked with glibc libraries).

/etc/HOSTNAME
Contains the hostname of the system, used by various startup scripts.

Commands
SuSE features the typical Linux network commands such as ifconfig, route, netstat and ip, plus commands found in various other distros such as ifup (which can also be invoked through the symlinks ifstatus or ifdown, giving status information on the specified interface or shutting it down).
Similarly to RedHat's service command, SuSE provides a set of scripts, or rather symlinks, to manage the init scripts of the various services:
/sbin/rcnetwork restart restarts the network services, just as the command /etc/init.d/network restart would.

Suse 9: Firewalling
Author: al - Last updated: 2004-01-14 23:17:08 - Created: 2004-01-14 23:17:08
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

Suse 9's firewall management is in the hands of the SuSEfirewall2 package and is (obviously) based on iptables. The package provides a main script, /sbin/SuSEfirewall2, and various initialization and configuration scripts that present a user-friendly logic hiding the raw syntax of the iptables command.
The configuration can be done with the YaST2 graphical interface or by editing the main configuration file /etc/sysconfig/SuSEfirewall2 directly.

The questions asked by YaST2 have their equivalent in the variables configured in this file, which define various (well commented) function-oriented parameters such as:
FW_QUICKMODE="no"
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
# FW_SERVICES_EXT_TCP="www"
# FW_SERVICES_DMZ_UDP="syslog"
FW_SERVICES_EXT_TCP="http ssh telnet"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
# FW_SERVICES_QUICK_TCP="ssh"
# FW_SERVICES_QUICK_UDP="isakmp"
# FW_SERVICES_QUICK_IP="50"
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
FW_REJECT="no"
# FW_HTB_TUNE_DEV="ppp0,125"
#   FW_HTB_TUNE_DEV="ppp0,250"
FW_HTB_TUNE_DEV=""
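
The sample above lists http, ssh and telnet in FW_SERVICES_EXT_TCP, i.e. on the external device, and telnet carries credentials in cleartext. As an added example (not code from the page or from the SuSEfirewall2 package), the following POSIX shell script reads a SuSEfirewall2-style file and reports settings a reviewer would want to look at before the rules go live. The excerpt it checks is constructed from the values above, and the meaning attached to each variable is taken from its name and from the descriptions given here, so treat the checks as a starting point rather than as a reference for the package's semantics.

```shell
#!/bin/sh
# Constructed excerpt of /etc/sysconfig/SuSEfirewall2 using the values shown
# above, written to a temporary file so the checks can run offline.
FW_SAMPLE=$(mktemp)
cat > "$FW_SAMPLE" <<'EOF'
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
# FW_SERVICES_EXT_TCP="www"
FW_SERVICES_EXT_TCP="http ssh telnet"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_TRUSTED_NETS=""
FW_LOG_DROP_CRIT="yes"
FW_KERNEL_SECURITY="yes"
EOF

# fw_get VAR FILE: value of the last uncommented VAR="..." assignment,
# surrounding quotes stripped (commented-out lines are ignored).
fw_get() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*$/\1/p" "$2" | tail -n 1
}

# has_word WORD LIST: succeed if WORD is one of the space-separated words in LIST.
has_word() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# fw_audit FILE: print one line per setting worth a second look.
fw_audit() {
    f=$1
    ext_dev=$(fw_get FW_DEV_EXT "$f")
    ext_tcp=$(fw_get FW_SERVICES_EXT_TCP "$f")
    # Cleartext login / file-transfer protocols opened on the external device
    for svc in telnet ftp; do
        if has_word "$svc" "$ext_tcp"; then
            echo "FW_SERVICES_EXT_TCP opens cleartext service '$svc' on external device ${ext_dev:-<unset>}"
        fi
    done
    if [ "$(fw_get FW_ALLOW_INCOMING_HIGHPORTS_TCP "$f")" = "yes" ]; then
        echo "FW_ALLOW_INCOMING_HIGHPORTS_TCP=yes: unsolicited TCP to unprivileged ports is accepted"
    fi
    if has_word 0/0 "$(fw_get FW_TRUSTED_NETS "$f")"; then
        echo "FW_TRUSTED_NETS contains 0/0: every source network is fully trusted"
    fi
    if [ "$(fw_get FW_LOG_DROP_CRIT "$f")" != "yes" ]; then
        echo "FW_LOG_DROP_CRIT is not yes: critical dropped packets leave no log trail"
    fi
    if [ "$(fw_get FW_KERNEL_SECURITY "$f")" != "yes" ]; then
        echo "FW_KERNEL_SECURITY is not yes: kernel-level network hardening is disabled"
    fi
}

# fw_finding_count FILE: number of lines reported by fw_audit.
fw_finding_count() {
    fw_audit "$1" | wc -l | tr -d ' '
}

fw_audit "$FW_SAMPLE"
echo "findings: $(fw_finding_count "$FW_SAMPLE")"
```

Run against the real file with fw_audit /etc/sysconfig/SuSEfirewall2 (as a user allowed to read it). Because fw_get only looks at uncommented assignments, the "# FW_SERVICES_EXT_TCP="www"" style of example line that SuSE leaves in the file does not affect the result.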


The init scripts are divided into three stages: /etc/init.d/SuSEfirewall2_init, /etc/init.d/SuSEfirewall2_setup and /etc/init.d/SuSEfirewall2_final, which are conveniently managed by the rcSuSEfirewall2 script.
Sample configurations and some docs can be found in /usr/share/doc/packages/ and, while it is still possible to use the iptables command in an interactive shell or in custom scripts, the easy and fast choice is surely to conform to the SuSEfirewall2 logic.
The SuSEfirewall2 command provides some nice options:
SuSEfirewall2 start|stop Applies or removes the iptables rules.
SuSEfirewall2 status Shows the status of the iptables rules (provides the output of iptables -L -nv).
SuSEfirewall2 test Simulates the rules, logging all the packets that would be dropped.
SuSEfirewall2 debug Prints to stdout the iptables commands that would be applied, without actually executing them.

Networking in Linux
Author: al - Last updated: 2004-09-08 00:04:48 - Created: 2004-09-08 00:04:48
Infobox type: DESCRIPTION - Skill: 2- JUNIOR

The basic commands used in Linux are common to every distro:
ifconfig - Configures and displays the IP parameters of a network interface
route - Used to set static routes and view the routing table
hostname - Necessary for viewing and setting the hostname of the system
netstat - Flexible command for viewing information about network statistics, current connections and listening ports
arp - Shows and manages the arp table
mii-tool - Used to set the interface parameters at data link layer (half/full duplex, interface speed, autonegotiation...)

Many distros now include the iproute2 tools, with enhanced routing and networking capabilities:
ip - Multi-purpose command for viewing and setting TCP/IP parameters and routes.
tc - Traffic control command, used for classifying, prioritizing, sharing and limiting both inbound and outbound traffic.

Every distro has its own configuration tool that operates on its own set of configuration files. Some of them are common: /etc/resolv.conf, /etc/nsswitch.conf, /etc/hosts, /etc/services, /etc/protocols

Others, typically those where IP addresses and routes are defined, differ. Here are some relevant files for various distros; their syntax may vary according to the scripts used to handle them:

Debian
/etc/network/interfaces - Interfaces and network parameters     

RedHat Graphical interface: redhat-config-network
/etc/sysconfig/network-scripts/ifcfg-* - Configuration files for each interface. The same file can be found, divided per profile, in /etc/sysconfig/networking/devices/*
/etc/sysconfig/network - Hostname, default gateway, general configuration
/etc/sysconfig/static-routes - Static routes (if any)     

Slackware Graphical interface: Netconfig
/etc/rc.d/rc.inet1 - IP and network parameters
/etc/rc.d/rc.inet2 - Network Services configuration     

Mandrake Graphical interface: Drakconnect
/etc/sysconfig/network-scripts/ifcfg-* - Configuration files for each interface. The same file can be found, divided per profile, in /etc/sysconfig/networking/devices/*
/etc/sysconfig/network - Hostname, default gateway, general configuration
/etc/sysconfig/static-routes - Static routes (if any)     

Gentoo
/etc/conf.d/net - Ip network and interfaces parameters
/etc/conf.d/routes - Static routes     

SUSE Graphical interface: YaST2
/etc/sysconfig/network/ifcfg-* - Configuration files for each interface.
/etc/sysconfig/network/config - General network configuration.

Debian - Network Configuration
Author: neo - Last updated: 2004-09-14 14:24:19 - Created: 2004-09-14 14:24:19
Infobox type: DISTRO - Skill:

The directory containing the configuration files is /etc/network; here you find all the files used by the ifup and ifdown commands to manage the network interfaces.
A single file, /etc/network/interfaces, sets up all the interfaces; here is an example:
eva:/etc/network# cat interfaces
# Configuration options for loopback
auto lo
iface lo inet loopback
# Configuration options for eth0
auto eth0
iface eth0 inet dhcp

The file /etc/network/options contains settings to enable or disable kernel network parameters at runtime, such as ip_forward or syncookies. Example:
eva:/etc/network# cat options
ip_forward=no
spoofprotect=yes
syncookies=no

You can manage the network with the /etc/init.d/networking script or with the ifup / ifdown commands; the current state of the network interfaces is stored in /etc/network/ifstate.
You can set the hostname by editing the /etc/hostname file and map IP addresses to hostnames with /etc/hosts; if you want to set a DNS server, as on every UNIX system, edit /etc/resolv.conf.

Slackware - Network configuration
Author: al - Last updated: 2004-09-13 21:56:43 - Created: 2004-09-13 21:56:43
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

The configuration and setup scripts for networking are a place where Slackware distinguishes itself from other distros.
The proper kernel modules to support the system's NICs are loaded by /etc/rc.d/rc.modules and, if setup has successfully recognized the local hardware, by /etc/rc.d/rc.netdevice.

The IP configuration parameters are placed in /etc/rc.d/rc.inet1.conf; they can be edited manually or configured with the netconfig tool.
As usual, /etc/resolv.conf contains the IP addresses of the DNS servers and /etc/hosts the static hostname-IP mappings.
The /etc/rc.d/rc.inet1 script takes care of activating and configuring the network interfaces and the default gateway according to the user's configuration; the script /etc/rc.d/rc.inet2, executed later, mounts any NFS and SMB shares, starts the portmapper, starts firewalling (/etc/rc.d/rc.firewall start), activates IP forwarding (/etc/rc.d/rc.ip_forward start), starts the inetd superdaemon (/etc/rc.d/rc.inetd start, configured by /etc/inetd.conf, with services TCP-wrapped according to the limits placed in /etc/hosts.allow and /etc/hosts.deny), the OpenSSH daemon (/etc/rc.d/rc.sshd start), the Bind name server (/etc/rc.d/rc.bind start), NIS (/etc/rc.d/rc.yp start) and the NFS server (/etc/rc.d/rc.nfs start).
All these services are started only if the corresponding scripts are executable; to disable one of them, chmod the script so that it is not executable (rough but effective).

Wireless networking is managed via the /etc/rc.d/rc.wireless, /etc/rc.d/rc.wireless.conf and /etc/rc.d/rc.wlan scripts.
The pppsetup tool can be used to configure dial-up networking; it operates on the files in .

Ethernet Bonding: mode 1 Active-Backup
Author: stargazer - Last updated: 2009-05-16 12:40:42 - Created: 2009-05-16 12:29:51
Infobox type: DESCRIPTION - Skill:

This infobox describes how to configure the network interfaces of a Linux system (Debian in this specific case) in bonding. With this technique it is possible to group several physical interfaces into one logical interface, so as to distribute the load over several cards instead of one, or to implement fault-tolerance mechanisms.

In particular, there are several bonding modes, each with a different operating mechanism:

- Mode 0, Balance RR    
- Mode 1, Active-Backup
- Mode 2, Balance XOR    
- Mode 3, Broadcast    
- Mode 4, 802.3ad    
- Mode 5, Balance TLB    
- Mode 6, Balance ALB    

The configuration described here uses the Active-Backup mode, in which only one interface is active while the other stays in "standby", ready to take over in case of problems with the primary card. This mode, moreover, requires no particular changes to the configuration of the switches involved.
The configuration presented is currently used on a load balancer where I wanted to guarantee a minimum of redundancy, so that the service keeps being delivered even in case of problems with the card active at that moment.

First of all it is necessary to install the ifenslave package, which lets you add and remove slave interfaces to and from a bonding device:

apt-get install ifenslave-2.6    

In order to configure network cards in bonding, moreover, the kernel must have support for this feature enabled. In the case of Debian Lenny the standard kernel already includes a module for this feature, which can be loaded with the command modprobe bonding.
Alternatively, to automate the operation at every system start-up, it is preferable to insert the following line in /etc/modules:
    
bonding    
    
The module, moreover, requires some parameters to be passed to it on the modprobe command line. Since I preferred to have it loaded automatically at system boot, these options were placed in the file /etc/modprobe.d/arch/i386:
  
alias bond0 bonding    
options bonding mode=1 miimon=100 downdelay=200 updelay=200
    
The mode option specifies the type of bonding to use (Active/Backup in this case); miimon indicates how many milliseconds pass between checks of each slave's link, in order to detect failures. Finally, downdelay and updelay indicate respectively how many milliseconds to wait before disabling a slave after a link failure has been detected, and how long to wait before re-enabling it after the link has come back.
If several logical bonding interfaces are needed, further aliases can be added to the /etc/modprobe.d/arch/i386 file (e.g. alias bond1 bonding).

Once the file has been modified, run the command depmod -r.

Finally, after enabling bonding, the bond0 interface must be configured and the physical interfaces added to the bond with the ifenslave command. Instead of using ifconfig and ifenslave from the command line, it is possible to edit the file /etc/network/interfaces, commenting out the entries for the various eth interfaces and adding the part concerning the bond0 interface:
  
        auto bond0    
        iface bond0 inet static    
        address 10.62.1.164    
        netmask 255.255.255.192    
        network 10.62.1.128    
        gateway 10.62.1.129    
        up /sbin/ifenslave bond0 eth0 eth1    
        down /sbin/ifenslave -d bond0 eth0 eth1    
    
This way the configuration is stored so that it can be re-applied after any reboot of the system.
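
A mistake that is easy to make in this step is to add the bond0 stanza without commenting out the eth0/eth1 stanzas, so the slaves get configured twice at boot. The following POSIX shell script, an added example that is not part of the original infobox, parses an /etc/network/interfaces file in the format shown in the Debian infobox above, lists the iface stanzas, extracts the slaves named on the up ... ifenslave line, and reports any slave that still has a stanza of its own. The sample file is constructed from the two examples on this page, with the eth0 stanza deliberately left in place.

```shell
#!/bin/sh
# Constructed /etc/network/interfaces combining the Debian example with the
# bond0 stanza; the eth0 stanza is deliberately left active (not commented
# out) so that the check below has something to report.
IFACES_SAMPLE='# Configuration options for loopback
auto lo
iface lo inet loopback

# This stanza should be commented out once eth0 is enslaved to bond0
auto eth0
iface eth0 inet dhcp

auto bond0
iface bond0 inet static
        address 10.62.1.164
        netmask 255.255.255.192
        network 10.62.1.128
        gateway 10.62.1.129
        up /sbin/ifenslave bond0 eth0 eth1
        down /sbin/ifenslave -d bond0 eth0 eth1'

# iface_list: print "NAME METHOD" for every iface stanza (file on stdin).
iface_list() {
    awk '$1 == "iface" { print $2, $4 }'
}

# bond_slaves BOND: print, one per line, the interfaces named after BOND on
# "up ... ifenslave BOND slave..." lines (file on stdin).
bond_slaves() {
    awk -v bond="$1" '
        $1 == "up" && $0 ~ /ifenslave/ {
            seen = 0
            for (i = 2; i <= NF; i++) {
                if (seen) print $i
                else if ($i == bond) seen = 1
            }
        }'
}

# slaves_with_own_stanza BOND: slaves of BOND that still have their own
# iface stanza, i.e. would be configured twice at boot (file on stdin).
slaves_with_own_stanza() {
    text=$(cat)
    for s in $(printf '%s\n' "$text" | bond_slaves "$1"); do
        if printf '%s\n' "$text" | iface_list | awk -v n="$s" '$1 == n { found = 1 } END { exit !found }'; then
            echo "$s"
        fi
    done
}

printf '%s\n' "$IFACES_SAMPLE" | slaves_with_own_stanza bond0
```

On a live system run slaves_with_own_stanza bond0 < /etc/network/interfaces; an empty result means every slave of bond0 is configured only through the bond. Commented-out lines never reach awk's $1 == "iface" test, so the fix the text recommends (commenting out the eth stanzas) silences the report.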

To check the status of the interfaces belonging to the bond, refer to the file /proc/net/bonding/bond0:
  
Bonding Mode: fault-tolerance (active-backup)    
Primary Slave: None    
Currently Active Slave: eth1    
MII Status: up    
MII Polling Interval (ms): 100    
Up Delay (ms): 200    
Down Delay (ms): 200    

Slave Interface: eth0    
MII Status: down    
Link Failure Count: 0    
Permanent HW addr: 00:a0:d2:1c:2b:f9    

Slave Interface: eth1    
MII Status: up    
Link Failure Count: 0    
Permanent HW addr: 00:0b:cd:67:8c:1c    
    
In this example it can be seen that the currently active interface is eth1, while eth0 is disconnected, as can be inferred from MII Status: down.
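
To turn this check into something that can run from cron or a monitoring agent, here is an added POSIX shell example (not part of the original infobox) that parses /proc/net/bonding/bond0 text in the layout shown above, reports the active slave, any slave whose own MII Status is down and the summed link failure counts, and returns non-zero when the bond is running degraded. The input is a constructed copy of the output above; on a real system it would be read from /proc/net/bonding/bond0 instead.

```shell
#!/bin/sh
# Constructed copy of the /proc/net/bonding/bond0 output shown above.
BOND_STATUS='Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

Slave Interface: eth0
MII Status: down
Link Failure Count: 0
Permanent HW addr: 00:a0:d2:1c:2b:f9

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0b:cd:67:8c:1c'

# bond_active: name of the currently active slave (bond status text on stdin).
bond_active() {
    sed -n 's/^Currently Active Slave: //p'
}

# bond_down_slaves: space-separated slaves whose own MII Status is down.
# The first "MII Status" line belongs to the bond itself and is skipped
# because no "Slave Interface" line has been seen yet.
bond_down_slaves() {
    awk '
        /^Slave Interface:/ { slave = $3 }
        /^MII Status:/ && slave != "" && $3 == "down" {
            if (out != "") out = out " "
            out = out slave
        }
        END { print out }'
}

# bond_link_failures: sum of the Link Failure Count of all slaves.
bond_link_failures() {
    awk '/^Link Failure Count:/ { s += $4 } END { print s + 0 }'
}

# bond_check: print a one-line summary; succeed only if no slave is down.
bond_check() {
    text=$(cat)
    active=$(printf '%s\n' "$text" | bond_active)
    down=$(printf '%s\n' "$text" | bond_down_slaves)
    failures=$(printf '%s\n' "$text" | bond_link_failures)
    echo "active=$active down_slaves=[$down] link_failures=$failures"
    [ -z "$down" ]
}

printf '%s\n' "$BOND_STATUS" | bond_check || echo "bond0 is running degraded"
```

With the output above this prints active=eth1 down_slaves=[eth0] link_failures=0 followed by the degraded notice, which matches the reading in the text: the bond is up, but it has already lost its redundancy. On a live host replace the printf with cat /proc/net/bonding/bond0 and alert on a non-zero exit or on a link failure count that grows between runs.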

Finally, to test that the setup works, if both cards are connected it is enough to unplug the Ethernet cable from the card that is active at that moment and check whether the system remains reachable.

The procedure shown involves modifying some configuration files of a Debian GNU/Linux distribution, so as to make the changes to the system permanent. If you only want to run tests, it should be possible to obtain the same result by loading the bonding module from the command line and managing the bond through ifenslave. Personally I have never tested this, but the commands to run should be the following:
  
modprobe bonding mode=1 miimon=100 downdelay=200 updelay=200
ifconfig bond0 10.62.1.164 netmask 255.255.255.192 up    
ifenslave bond0 eth0    
ifenslave bond0 eth1    
 
